Bug 429023 (CVE-2007-4770)

Summary: CVE-2007-4770 libicu poor back reference validation
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: unspecifiedCC: caolanm, kreilly, security-response-team
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 3.8-5.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-28 14:03:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 429706, 429707, 430232, 430233    
Bug Blocks:    
Attachments:
Description Flags
An example of icu pattern matching in OOo
none
Patch agains ICU 3.8 proposed by Andy Heninger
none
backported patch none

Description Josh Bressers 2008-01-16 20:53:36 UTC
Will Drewry reported a flaw in the way libicu processes certain regular
expressions.  He reports:

    On regular expression compilation, illegal backreferences may refer to the
    non-existent capture group '0'.  When these are builts, they will result
    in corrupt REStackFrames which will be used at a later point.  Crashes may
    result in out of band reads or writes depending on the regular expression
    being executed.

Comment 3 Caolan McNamara 2008-01-17 09:20:08 UTC
Created attachment 291973 [details]
An example of icu pattern matching in OOo

I figured out how to get OOo to match patterns with the icu regexp stuff.
Attached is a test-case which just tries to match "I am a pattern"

Comment 5 Tomas Hoger 2008-01-18 08:06:42 UTC
Created attachment 292114 [details]
Patch agains ICU 3.8 proposed by Andy Heninger

Comment 8 Caolan McNamara 2008-01-22 08:59:16 UTC
Created attachment 292482 [details]
backported patch

I can't commit to RHEL icu without approved bugzilla ids.

Comment 15 Fedora Update System 2008-01-27 07:13:09 UTC
icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2008-01-27 07:21:19 UTC
icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.